- Payment & Fraud Editorials

15^th July, 2020

The focus on streamlining payment-related aspects has strengthened over the past few months that mean more optionts to pay, efficient processes, lowering costs etc.

“Considering convenience and flexibility-related requirements and expectations of travelers moving forward a seamless refund process is going to be imperative, especially in the short-term as refunds continue,” highlighted Rachel Morowitz, UATP’s VP, Alternative Form of Payment, during Ai’s ATPS Webinar – Payment Strategy Roundtable.  She also referred to continued innovation in areas such as virtual cards and contactless payments, for example at the airport.

Options such as “buy now, pay later”, too, are gaining traction.

The growth in installment payments has accelerated during the pandemic. The likes of airlines, hotels, OTAs etc. are considering this form of payment to be a key tool in their recovery, said Tom Botts, CCO, Uplift.

The option to pay in installments is a way to support and stimulate demand. The role of a partner like Uplift should be seen from a payment marketing specialist perspective and understanding of conversion, optimizing areas like check-out messaging, auto-updates as ancillaries are added etc., said Botts. In addition to the U. S. and Canada, the company is in the process of expanding operations to Latin America, allowing airlines to extend this payment option.

As for why Uplift stands out, Botts said, “Everything we do designed is to drive business results for our travel partners.”  The offering is optimized for travel conversion. As for the processing, he said that at the time of paying for a transaction, if a customer opts for paying via installments, there is a sub-second credit check, and accordingly options are presented. Uplift settles with no changes to the existing flow, and no impact to payment processing or revenue accounting workflows.

During the webinar, it emerged that 82% of the attendees intend to accept more alternative form of payments (AFPs).  

US-based #paymentech specialist and omni-channel acquirer Citcon’s Seth Friedman shared that the company is in the processing of facilitating 20 mobile wallets over the course of next 12 months. He mentioned that mechants, in addition to letting consumers pay via wallets, should also look at the demand stimulation prowess of an ecosystem like WeChat.

As for processing of payments and looking at efficiency while adding AFPs, airlines must evaluate aspects like integration, reconciliation, automation and global coverage.

By Ritesh Gupta

Follow Ai on LinkedIn: https://www.linkedin.com/company/airline-information/?viewAsMember=true

First Published on 24^th January, 2019

Payments are going digital and the increased speed of adoption is being driven by multiple factors. These include an abundance of new electronic payment methods—many of which are layered on top of existing payment methods—focused on convenience, speed and the overall consumer experience.

According to a recent report, Key Trends in Digital Payments Markets and Strategic Infrastructure, developed by The Initiatives Group and sponsored by Equinix, the key trends currently shaping digital payments markets around the world are:

·          Real-time payments (To date, discussions about real-time payments have been dominated by the core functionality—speed, availability and rails on which money is moved, together with the challenges associated with their implementation. However, conversations are now shifting towards value-added products and services that an enhanced infrastructure will allow financial institutions (and others) to bring to market);

·          Regulatory interventions—often focused on streamlining digital payments (regulators are seeking to capture the economic efficiencies embedded in electronic transactions, and to drive increased competition and innovation by opening up customer banking data to third parties. Regulators are also continuing to scrutinize and assert control around the costs associated with electronic payments, to ensure that their widespread adoption is not hindered (and related efficiencies gained), and there is transparency in pricing (with consumers and businesses able to make valid comparisons);

·          Open banking—potentially bringing new players into the arena (As with real-time payments, open banking will facilitate the creation of new products and services, driven by regulation and enabled by advances in technology. While this will continue the commoditization of transaction banking, it also brings new opportunities to add value through data).

The study highlights that the handling of the payment, the ability to recognize returning customers and cross-linking potential offers need to happen fast, securely, and efficiently be delivered locally to users. It is critical to choose an interconnection and co-location provider based on its ability to reach all target users, interconnect the required cloud and payment partners, and integrate the required payment rails and governance controls.

Download the report – click here

Follow Ai on Twitter: @Ai_Connects_Us

14^th September, 2019

Ai Editorial: The behaviour of consumers when they shop via mobile and what makes such devices risky has to be ascertained. It is must to focus on the right data points to keep a tab on fraudulent transactions originating via mobile devices, writes Ai’s Ritesh Gupta

E-commerce players, including ones from the travel sector, are evaluating ways to keep a tab on fraudulent transactions emanating from mobile devices.

It is being acknowledged that merchants must drift away from those data points that aren’t astute pointers in identifying such type of fraud. The behaviour of consumers when they shop via mobile and what makes such devices risky has to be ascertained. When specialists point out that mobile fraud is different from traditional e-commerce fraud, it is owing to the fact that unlike browsing and accessing via a PC, mobile devices result in novel characteristics that obscure the user verification process.

Security measures for a mobile device

E-commerce players must dwell on ways to validate and authorize a purchase as quickly as possible.

For this, there has to be a mechanism for real-time mobile device detection and the journey for mobile orders. All of this isn’t easy. As Riskified points out, the aspects that make mobile commerce attractive and convenient for consumers also result in complex hurdles for merchants when it comes to keeping a tab and authentication mobile orders. Citing an example, the fraud prevention specialist shared that its team ended up unearthing a major botnet fraud ring by evaluating data garnered from consumers’ interaction with merchants’ e-commerce sites and mobile apps. For this, the team delved deep into the journey, starting from whether the order was placed on a mobile device or elsewhere. The team further explained: If mobile, note what type of device — was it an Android device or an iPhone? From here on, assess the starting point for mobile-related orders. Did the shopping originate on a PC and eventually finished the transaction via a mobile device? And was it via a mobile site or an app? Or did the shopper finish it via a traditional site only? If checkout was on a mobile device, it’s vital to identify whether the shopper was accessing the site through a mobile web browser, or the mobile app. By following these steps, a travel retailer can effectively spot the origin, and then plan and executive precise safety measures to combat fraud.

Analysis

Riskified also asserts that merchants “need to discern what is relevant for analysis”. The team refers to few crucial areas:

• Cellular IP addresses are not unique identifiers. Be careful when it comes to marking a red flag based on this. In fact, lookout for unique identification number associated with such devices. Not easy for fraudsters/ hackers to spoof the same. This identifier would enable the merchant to track the device regardless of the Wi-fi or cellular network the device is using.

• Remember that completing a transaction while being connected to a new Wi-fi network doesn’t necessarily mean that the order is fraudulent.

• Riskified’s data shows merchants can safely approve over 94% of mobile orders with a partial AVS match, and over 70% of mobile purchases with a full AVS mismatch. The feeble connection between AVS results and mobile order fraud may be owing to the fact that users find it tough to enter their billing address on mobile devices’ smaller screens.

• Securing the authentication process starts with the device itself. Using behavioral biometrics, merchants can verify a customer’s identity without making the process difficult for the customer. So focus on behavioral data unique to the mobile channel or focusing more on data that is equally reliable across mobile and desktop channels.” Mobile carrier information, GPS location, and advanced behavioral analytics can all be used. As a specialist in behavioral biometrics, SecuredTouch asserts that the days of static biometric techniques are numbered. Rather merchants now need to dwell upon continuous authentication that features device intelligence, behavioral anomalies. All of this becomes even more important as mobile-related fraud is on the rise, and the behaviour of consumers when they shop via mobile and what makes such devices risky needs to be ascertained.

It all boils to verification of the legitimacy of the user, but considering the usage of today’s devices for shopping and the tricks of fraudsters, merchants need to evolve as well.

For Ai’s upcoming events: click here

13th May, 2019 

PSD2 or the payment services directive in Europe is being associated with a major change in payments and data protection. It is aimed at regulating payment collection and payment services in the EU and EEA. The PSD2 legislation came into effect last year, with full operational compliance to technical standards required by September this year.

It is a challenging phase for the entire payment ecosystem, says Laurie Gablehouse, Global Head of Travel Solutions, Ingenico ePayments, who was in Brighton, UK last week for Ai’s ATPS (13th ATPS Worldwide Event).

Laurie pointed out that the standards are still evolving, with grasp over “80% - 90% of what needs to happen”. “(So) the timing is quite late from a technical perspective for everybody to be ready by September.” She recommended that merchants, including airlines, need to assess where this directive is going to be applicable and accordingly, what are the requirements for the SCA (Strong Customer Authentication). The SCA requirement is for transactions between cardholders whose payment cards have been issued in the EEA and merchants located in the EEA. Exemptions include low value payments at the point of sale (to facilitate the use of mobile and contactless payments).

Ritesh Gupta

Ai 

Follow Ai on Twitter: @Ai_Connects_Us

30^th March, 2020

Be it for a hotel chain offering rooms to the homeless people in France or airlines asking staff with medical vocational training to consider helping doctors and other medics are things the entire travel industry can be proud of as the fight against the COVID19 goes on, writes Ai’s Ritesh Gupta

Helping the needy, taking care of the sufferer, offering support to the elderly …any act of kindness amidst all the gloom is what warms our heart to no end.

We all are witnessing, and some of us are even going through, extremely painful moments. And when one ends up being a savior for someone, it’s gladdening and emerges as one moment of happiness that we all can share.

The way the travel industry has contributed during the COVID19 pandemic exemplifies its character.

Airlines are carrying medical supplies globally via cargo flights and operating repatriation flights to get people home.

Ed Bastian, CEO at Delta Air Lines, has not only empathized as a corporate leader, but also a father and family member, as he dwelled on the significance of occasions like graduations and weddings and how his team is trying to make it easier to change or cancel flights with no fee via My Trips on Delta.com.

Delta is extending free flights to medical volunteers to certain U.S. regions impacted by the deadly coronavirus to support medical professionals on the front lines.

Acknowledging the role of air cargo in times of crisis, for instance, in delivering lifesaving medical supplies, many airlines including American Airlines, Lufthansa etc. are utilizing its currently grounded passenger aircraft to move cargo in and out of the country, too. These airlines are making every effort to ensure that the flow of cargo does not stop.

Service in medical facilities

The airline staff is also being counted to meet the shortage of medical personnel. Many airline staff are first aid trained or hold other clinical qualifications.

Lufthansa has shared that employees with medical vocational training can now volunteer for service in medical facilities.

In the U. K., the National Health Service (NHS) has enlisted easyJet and Virgin Atlantic to work alongside NHS clinicians at new Nightingale hospitals as part of the fight against coronavirus.

According to an official release:  The airlines are asking staff who have not been working since the COVID-19 pandemic grounded some planes to consider helping the thousands of doctors, nurses and other medics at the new hospitals being built across the country. easyJet has already written to all 9,000 of its UK based staff, which includes 4,000 cabin crew who are trained in CPR, while Virgin Atlantic will write to approximately 4,000 of their employees this week, prioritizing those with the required skills and training. New hospitals are being built in London, Birmingham and Manchester.

Hotel rooms for homeless people

Accor has acknowledged the fact there is a health crisis in France. Accordingly, the group has chosen to help the healthcare community and deprived people with accommodation solutions in the group’s hotels. Accor has set up a telephone helpdesk to respond quickly to needs and emergency situations. The group is offering a total capacity of 1,000 to 2,000 beds to accommodate homeless people throughout the country. The service is also open to all medical staff involved in the fight against COVID19. So when Sébastien Bazin, Chairman and CEO of Accor Group, says, “Welcoming, protecting and taking care of others is at the very heart of what we do”, he exemplifies how an organization can use its core resources and play its part in coming out of such a perilous situation.

When Bastian says, “Our commitment to you remains…”, these are not only reassuring words for stakeholders but also makes one proud of being a part of this wonderful industry.

Stay safe, stay healthy! 

Secure remote commerce, chargeback management, lowering losses from false positives…a number of pertinent issues were discussed on the second day of ATPS Virtual Conference 2020.

22^nd October, 2020

Travel merchants, including airlines, are understandably prioritizing projects that can contribute to their immediate recovery. As for supporting interactions and payment methods that are touchless or contactless, airlines are starting to respond to the same, though the pace of the same can’t be compared with some of the other verticals.

Speaking on the second day of #ATPS, Keith Wilson, Director Of Strategic Merchant Relations at Discover, acknowledged that contactless payment option has been around for 12-18 months or so in the U. S. “…(it has) been proliferating fairly quickly. (It) really ramped up because in the grocery stores and other places that you would go to - not having to touch things is definitely a huge benefit. We haven't seen a lot of movement in travel. Of course, in the travel industry, there is a lot of ticketing and reservation systems that would involve massive changes.” It still hasn’t turned out to be a huge priority yet, but as Wilson mentioned, one airline has started to implement and contactless EMV for onboard sales and several other airlines are investigating as well.

Wilson also referred to the adoption of secure remote commerce or SRC.

SRC specifications pave way for a consistent UX for shoppers and overall simplified checkout experience. This way a consumer doesn’t need to re-enter information on websites that support SRC, thereby speeding up checkout time and reducing abandonment. No need to create an account. A user who enrolls in SRC and chose to have their device remembered will checkout as a guest on a merchant website they have not visited before.

Amidst signs of recovery don’t ignore the threat of fraud

In terms of recovery, there was reference to The Transportation Security Administration (TSA) screening over 1 million passengers last Sunday. This meant that highest number of passengers  were screened at TSA checkpoints since March 17 this year. Also, the weekly volume of 6.1 million, marked  the highest weekly volume for TSA since the start of the COVID-19 pandemic.

At the same time fraudsters haven’t stopped targeting the travel industry even though the sector has suffered immensely over the last six months or so. Rather than waiting for bookings to pick up, it is imperative for travel merchants to find way to “understand users to avoid losing legitimate travel shoppers”,  according to Hubert Rachwalski, CEO, Nethone.

Merchants shouldn’t rely only on historical transactional data, but as Rachwalski recommended, also take into consideration device info (spoofing detection, virtual machine detection etc.), network info (TOR detection, IP geo-location etc.) and behavioural info (e. g. mouse movement). Speaking at the #ATPS, he added that it is critical for any airline to lower the losses from false positives. “Evaluate the traffic in the background and pave way for a frictionless experience to shoppers,” he said.

One of the metrics Nethone uses to support the fact fraudsters are targeting the travel sector - is % of transaction attempts with signals triggered, i.e. 'Virtual Machine', 'Tor Network' and 60 others. And even though COVID-19 has caused the transaction volumes to drop sharply, the traffic with signals has almost doubled.

Looking at the future in a pragmatic way

Shazad Iqbal, Former Senior Payments Consultant (Commercial), British Airways referred to the significance of collaboration among various stakeholders, especially for data, for instance, in-depth analysis of transactions. Also, it is imperative to win back the confidence of travelers via transparent policies and initiatives. Motie Bring, CCO, Nuvei  also acknowledged that airlines can look at their “systems and partnerships” to let travellers pay in the manner which makes them feel most secure and confident about their transaction.

In the same session, Fernando Souza, VP Global Travel & Transit Solutions, Cybersource referred to the rise in touchless payment experiences, for instance, the use of public transportation services are increasingly facilitating such options. “We are seeing reduction in personnel  in the fraud management department,” added Souza, who added that airlines still need to improve automation of refund process. 

Alex Zeltcer, CEO & Co Founder, nSure.ai highlighted that the industry is going to witness last minute transactions. In this context, can airlines avail a chargeback guarantee offering, that takes on the liability for any fraudulent transactions? Zeltcer also highlighted that fraudsters can continue to break through rules in fraud systems, and the role of data and machine learning is going to be critical.

Amine Boulaghmen, Head of Payment Facilitation Solutions, IATA shared that airlines have to respond to digitalization, for instance, acting as retailers to offer a superlative experience. Also, since carriers have been left with no choice but to respond to changes in consumer behavior and cash flow-related considerations, payment-related processes are being addressed and improved. 

On the B2B payments side, the volatility, as expected, made the situation precarious for acquirers. How to understand all of the unique risks posed by airlines? A travel merchant might go out of business without delivering the bought service.

Brett Turner, Head of Global Airline Acquiring, SVP, Elavon highlighted the role of data. It is key to understanding contingent liability risk. “Help in understanding all moving parts like refund, vouchers etc. in overall tracking and managing of risk,” he said.

B2B travel payment options

In a session about how the relationship between airlines and travel agencies is evolving and is expected to shape up, Livia Vite, Head of Airline Partnerships, eNett highlighted that recovery initiatives post-COVID19 pandemic is going to result in a unique opportunity for both the stakeholders to work on a  B2B travel payments approach to benefit all in the travel value chain. “With all the risks and costs to the travel distribution landscape magnified post-COVID, both airlines and agents are now very aware of payment risks,” said Livia.

Delving deep into what each of the stakeholder needs to introspect, she referred to various aspects of retail model from an agency’s perspective. For instance, in case agents decided not to become a merchant then are travel shoppers going to comfortable with multiple transactions appearing on their card statements? How would the agent compete against agencies using the retailer model?

For their part, airlines must re-visit how travel agencies help them to expand their reach in terms of their role in facilitating access to away markets, and catering for local payment preferences in these markets.

“Many airlines and agents are using this opportunity to rethink their payment and/or distribution strategies and to start the conversation,” mentioned Livia.

This topic was also discussed in the final session of the day featuring Pascal Burg, Director, Edgar Dunn & Company; Stephane Druet, SVP, Head of Product and Marketing, CellPoint Digital; and Christophe Kato, Assistant Director, IATA.

Druet also spoke about cutting down on the overall cost per payment transaction by dynamically routing payments to local acquirers to reduce cross-border traffic (and fees). The panelists also spoke about payment orchestration and the importance of automating back-end processes like settlement and reconciliation and incorporate fraud rules and regulatory compliance, all of which reduce chargebacks and fraud.

By Ritesh Gupta

Ai Team

21^st February, 2020

Ai Editorial: Security safeguards and privacy-related initiatives are becoming stronger. Biometric authentication is an interesting tussle, and the industry is looking at negating fraudsters/ hackers’ moves, writes Ai’s Ritesh Gupta

Biometric authentication has numerous applications, and one of them is verifying/ authorizing a transaction.

Among all the options, facial recognition has gained traction because it is non-intrusive, easy to use and fast. It has gained prominence as it is being facilitated by our smartphones.

Since biometric authentication is about recognizing an individual without friction, rather than doing the same via a password or PIN, it stands out for augmenting the user experience with speed, ease of use and option to pay anywhere. But there are aspects that still need to be looked into. Be it for security-related risks, user privacy concerns or fraudulent transactions, repercussions are being probed at this juncture.

Plus, there are industry-related issues as well. For instance, this form of authentication does indicate that a cardholder himself or herself validated a transaction, but if the card network has no provision to use such data as the main proof, then that knowledge is useless.

Concerns

According to Gemalto, the efficacy of facial recognition systems is based on: false acceptance, false rejection and  true positive (this describes when an enrolled user is correctly matched to his or her profile. This number should be high.)

As for concerns, artificial intelligence (AI)-based identity fraud is emerging as a serious issue. What is coming under inspection is the efficacy of biometric security measure such as facial recognition. A primary concern that a section of the industry is highlighting is hackers/ fraudsters managing to steal people’s faces.  Recognition of one’s voices and face as a way to validate a person’s identity is under scrutiny with the rise of synthetic media and deepfakes. How damaging deepfakes can be, as they can perfectly imitate features of a person. Deepfakes are powered by deep learning AI. The algorithms behind this AI are fed large amounts of data. Eventually, by capitalizing on such data, “deepfake” videos manipulate audio and video using AI to make it appear as though someone did or said something they didn’t. It does pose a challenge to validating the legitimacy of information presented online.

As highlighted in one of Ai’s recent articles, initiatives are in the pipeline, focusing on automated deepfake detection. Identity verification specialist, Jumio emphasized that it is “vitally important to embed 3D liveness detection into identity verification and authentication processes”. The company is working on plans to combat advanced spoofing attacks including deepfakes. (It is important to know that not all liveness is created equal and many un-certified liveness detection solutions fall prey to deepfakes). Among the others, Facebook, too, last year was in news for working on a ‘de-identification’ technology to morph a person’s face so that they remain unrecognisable to facial recognition technology. Also, specialists are focusing on a certain kind of machine learning. In this type patterns in image data are spotted. It features a system of artificial neurons that copy the functioning of the human brain.

Companies like Apple acknowledge that much of our digital lives are stored on their devices, and it's important to protect that information . While technology in these devices can automatically alter modifications in one’s appearance, such as wearing cosmetic makeup or growing facial hair, the industry is also looking at areas like not unlocking with a sleeping face.  Also, these companies are using smarter technologies. For instance, Apple has highlighted that the camera of its devices captures accurate face data by projecting and analyzing over 30,000 invisible dots to create a depth map of face and also captures an infrared image of face. Also, each time a user unlocks their device, the camera identifies by securing precise depth data and an infrared image. This information is matched against the saved mathematical version to verify.

Earlier this year, Apple asserted that a random person looking at a user’s iPhone or iPad Pro and unlocking it using Face ID is approximately 1 in 1,000,000 with a single enrolled appearance. For more, read here.

Keen on exploring fraud prevention, data privacy and protection issues?

Check-out Ai’s conferences scheduled for 2020: https://lnkd.in/fE7UK_T

First Published on 21st September, 2018

Ai Editorial: Airlines intend to take steps to control their payments strategy holistically. This gives them visibility into  payments in all their sales channels and in all countries, allowing them to identify inefficiencies, writes Ai's Ritesh Gupta

What can pave way for optimization of payment-related experience? It is a vital question, especially for travel merchants with cross-border operations.

Businesses can't wait for long to embrace a new payment method. Every minute detail is being scrutinized as far as removing friction from the shopping process is concerned. And if a customer abandons the shopping cart owing to inflexibility in payment-related options, then the likes of airlines aren't doing any good to their business.

Roadblocks to innovation

According to a recent study by Amadeus' payment business, travel e-commerce companies are pulled back by many factors when it comes to innovation in this space. The list includes consumer data security, credit card data security, fraud losses, complexity of existing payment systems etc.

So how to combat such major roadblocks to payments innovation?

"Airlines looking to innovate while at the same time keeping customer data safe should first carry out an audit of all the systems in their infrastructure which are storing or using that data," recommends Klein Wang, Head of Merchant Services APAC, Amadeus’ payments business.

Wang further added, "Then look to limit – or even eliminate – that data from their systems using techniques like tokenisation. When looking for a tokenisation provider, it is critical to find a provider whose tokens are compatible with all those systems which will need to use and interact with them."

Simplifying infrastructure

There tend to be issues with payment-related infrastructure and the role of partners that facilitate a payment. For instance, not all global payment processors handle acquiring banks and routing the same way. "Airlines work with a number of different acquiring banks and other related service providers. To simplify their payment infrastructure, airlines should look for payments providers which can give them access, control and visibility over their payments infrastructure in a single place. A single source of data and a single entry point to monitor and identify payments from across all their providers," mentioned Wang.

Also, talking of payment acceptance, it is vital for airlines to minimize costs with a more fluid workflow. For instance, what needs to be considered to route a payment to an appropriate acquiring bank? What does the study by Amadeus suggest? "It’s important for airlines to look at the total cost of their payments infrastructure, not just the direct acquiring cost. And many of them are doing that – although not all. With that in mind, the greatest opportunity for airlines today is in reducing the indirect costs of accepting payments caused by manual processes and inefficiencies which are the result of the complexity of managing payments across many different providers in different sales channels and markets," said Wang.

Alternate payment methods

According to Amadeus, many airlines have been adding new payment methods and today accept on average between six and ten different payment methods.

There are two challenges for airlines adding more payment methods: user experience and reporting.

"From a user experience perspective airlines need to find a way to offer the right payment method to the right customer without providing a bewildering list of different payment methods. From a reporting perspective, each new method of payment has a different reporting format so airlines need to work with a partner which can help to harmonise all these different formats so they can get a single view of all payments from all payment methods," said Wang.

Other than most popular or new options, airlines also need to work out a local checkout experience and at the same time being in a position to curb possible criminal fraud.

Wang mentioned that there is always a trade-off between verifying that a payment method is being correctly used by its owner on the one hand and creating an easy-to-use and seamless check-out experience.

"Using a fraud management tool to check the details for signs of potential fraud – in a way that is transparent to the end user – can really help here. Combining such techniques with the application of stronger authentication practises, 3D Secure for example, when the fraud management tool suggests dubious transactions, is a good way to balance consumer experience with effective fraud control," said Wang.

Airlines need to sort payment infrastructure related issues. In fact, as Wang says, for airlines looking at passengers from Asia, these problems even get more complex. "Many airlines are still not offering book and pay functionality on their mobile apps – in many markets, however, mobile is the default. In China, for example, 73% of all e-commerce purchases by value are made on a mobile device (Kleiner Perkins) and mobile payment volume grew 116% in 2017 over the previous year," said Wang. Asia has more diverse local payment practices, more local regulations and more payment providers to work with.  

Follow Ai on Twitter: @Ai_Connects_Us

First Published on 8^th August, 2018

Ai Editorial: Even as travel ecommerce players closely evaluate what to expect as far as bitcoin is concerned, they also need to consider the possibility of fraud, writes Ai’s Ritesh Gupta

The future of bitcoin is under scrutiny. Questions are being raised – is bitcoin investment safe? Has pricing been manipulated? Some believe that the cryptocurrency would bounce back, though the pricing has taken a beating this year.

As for the travel industry, the recent news pertaining to Expedia Group opting to remove bitcoin as one of its payment options is an important development. A certain section of the industry has shown penchant for accepting cryptocurrency payments over the years. But now it seems that travel merchants, including airlines, are not extensively going to opt for cryptocurrency until this payment method establishes its staying power and stability. Volatility associated with a cryptocurrency like bitcoin and counting the same as a payment method isn’t exactly a prudent combination.

Even as investors may enjoy the instability to an extent (it is also being pointed out that since it is dissimilar to stocks or bonds, it is tougher in comparison to unearth price manipulation and fraud in case of a cryptocurrency), for a currency to be a pragmatic option for both shoppers and merchants it has to attain stability. In fact, negative publicity around cryptocurrencies such as bitcoin isn’t helping the cause. A couple of months ago, the Justice Department in the U. S. was in news for probing whether traders were deploying unlawful tactics to dupe others into buying or selling cryptocurrencies. According to a report by Bloomberg, the department attempted to look into illegitimate initiatives such as spoofing and wash trading. Also, the fact that bitcoin is labelled as a relatively risk currency also doesn’t help, for instance, in case the private key is lost or stolen it ends up being an issue.  

The issue of trust 

Even as travel ecommerce players closely evaluate what to expect as far as bitcoin is concerned, they also need to consider the possibility of fraud.

According to a report by Bitcoin.com News, cryptocurrency fraud stood at $9 million per day in the initial months of this year.

Since cryptocurrencies rely on a public ledger called a blockchain, the issue of trust has surfaced. What if it results in distrust? Sift Science has emphasized that in case of cryptocurrencies like bitcoin, “trust quite literally is currency”.

On the positive side, it is being highlighted that crypto payments are attractive for high-risk ecommerce entities engaged in selling big ticket items. Largely, the industry terms these transactions as secure ones. Aspects like cryptocurrency transactions carrying no personal information, and lower or no fee, too, makes them luring. 

The way it works – when a user intends to transfer bitcoins to an individual or an entity, all computers running bitcoin software manage and administer the sender’s public signature through an algorithm and validate the previous transactions encoded in the blockchain to ensure the sender owns the bitcoins they say they do. This technology is regarded as a safe one. Overall, the trust has dwindled owing to a spate of deceitful initial coin offerings (ICOs), claims about mining services, and dubious practices on trading platforms. In a study of around 1500 cryptocurrency offerings, the Wall Street Journal found around one-third with red flags that include plagiarized investor documents, promises of guaranteed returns, and missing or fake executive teams. All the stakeholders need to be cautious. As highlighted by Kount, depending solely upon the regulatory bodies won’t be able to combat the increasing cryptocurrency fraud. Potential investors and businesses, too, need to educate themselves.

Merchants, including airlines, need to evaluate how bitcoin payments protect merchants against fraud and chargebacks. This is because chargebacks don’t work in a system built around blockchain. Also, there is a need to assess how does a cryptocurrency like bitcoin protect and compensate defrauded customers. Sift Science recommends that merchants should assess where their cryptocurrency was being stored and one should set up defenses accordingly. Also, companies taking bitcoin payment must be transparent and communicative with users when they decide to introduce crypto as a payment method.

Hear from experts at the upcoming 7th Annual ATPS Asia-Pacific, to be held in Phuket (4th – 6th Sep 2018). https://lnkd.in/fgEMiF6

First Published on 14^th January, 2019

Ai Editorial: The new version of 3D Secure is being counted upon for supporting additional payment channels - in-app, mobile, and digital wallet payment methods, stronger authentication possibilities for a better checkout experience, and enhanced security, writes Ai’s Ritesh Gupta  

A lot can happen in a fraction of a second when a shopper agrees to wrap up a digital transaction. In this context, the role of 3-D Secure 2.0 or EMV 3-D Secure in improving payments security and increasing authorizations is expectedly under the scrutiny. The purpose of the new protocol is to facilitate the data exchange between the merchant, cardholder and issuer.

The problem with 3D Secure (3DS) is that it has been compromised more than once in the past, and can be easily bypassed by fraudsters who develop fake, yet similar-looking pop-up windows used for 3DS authentication. But, as specialists point out, the new version is going to feature token-oriented and biometric validation, in place of static passwords. It introduces the risk-based authentication, which enables issuers to get additional data from both transaction context and merchant’s and cardholder’s risk profiles. Refined datasets for better verification features email, billing and shipping address, cardholder behaviour information, etc. By supplementing added data during transactions, it is being highlighted that risk-based verdicts will be possible on whether to authorize or not. The shopper experience would be improved upon with the eradication of the early sign-up procedure and taking out the need for cardholders to use static passwords.

Also, there is going to be support of non-browser-based “card not present” payments (so in both application and browser-based solutions, on mobile and other consumer connected devices).

From the industry’s perspective, 3-D Secure 2.0 will pave way for a real-time, protected, details-sharing channel that merchants can avail to send an unmatched number of transaction attributes that the issuer can use without looking for a static password. Overall, enhanced messaging with additional information for better decisions on authentication. Plus, other benefits include better datasets for risk-based authorization, and curbing illegitimate/ dubious transactions, even if a cardholder’s card number is stolen or cloned. Issuers gain from being back in control of their costs with this version. A bigger data set enables the issuer to step up the accuracy of their risk-based probe.

Impact on merchants

With this development, merchants need to garner and disclose high-quality, significant data (email id or device details) in order to process transactions where previously a card number, expiry date and CVC code were enough. The issuer will use such information, plus its own information about the cardholder and the merchant, to assess the transaction’s risk.

As explained recently by Ingenico ePayments in one of its blog posts, “…it’s important to see this as the foundation of using behavioural analysis to fight payment fraud. It’s part of a general sea change: for instance, the European Banking Authority (EBA) shared its opinion in June (last year) that CVV numbers cannot be a second authentication factor in the “knowledge” category (visible on the card), eventually passing to the “possession” category. Guidance from the EBA and EU central banks is needed on what SCA methods are RTS-compliant. Eventually we may see the payment page changing drastically.” It added, “For merchants, the response has varied country by country, but the more data they share, the better their authorization rate will be (up to 10% according to the card network). What’s more, if merchants do share data, and issuer authorization rates are still low, then card schemes will have the power to impose fines, which puts pressure on issuers to step up. They have an obligation to get results.”

For its part, Mastercard has set up a framework called Mastercard Identity Check. The program offers merchants and their banks a way to upgrade and enhance current security solutions to assess possible risks and authenticate legitimate transactions in a seamless way. The company shared that by relying on Identity Check’s AI and machine learning, EMV 3D-Secure can now take into account over 150 different variables of a transaction to help the issuer make a more accurate, insight-based decision whether to approve a transaction or decline it. These variables include such factors as screen brightness, device owner gestures and, shopping purchase history. They are used alongside insights from the merchant and issuer to authenticate a payment.

Future implementations

Major developments are in store, starting in April this year.

As shared by  CardinalCommerce, for Visa, April is going to mark as the initiation period for EMV 3-D Secure in Europe. In the same month, American Express is expected to recommend issuers to shun using static authentication ways while concurrently pushing issuers who are leveraging the EMV 3-D Secure to use risk-based authentication. Also, Mastercard is working on putting in place specific measures related to PSD2 and EMV 3-D Secure.

There have been issues, too, that have been raised. It is being asserted that the new version is privacy invasive  for the shopper. The merchant in all probability would need to handle data with precision (in order to adhere to privacy regulations) and the impact on the issuer, too, has been under the scrutiny. Also, counting on 3-D Secure 2.0 or EMV 3-D Secure is just one piece of the fraud prevention puzzle for merchants. It is being recommended that merchants should be seeking a fraud solution that is able to act as a filter for fraud, rather than only relying on 3DS. A multi-disciplinary approach, that combines machine learning and other techniques to make sense of the score automatically, is required to fully automate the fraud screening process.

Check upcoming Ai Conferences dates or

Follow Ai on Twitter: @Ai_Connects_Us